Ross Singer <[log in to unmask]>
> On Jan 7, 2013, at 7:25 AM, MJ Ray <[log in to unmask]> wrote:
> > It should at least mention that (fortunately, my organisation lets me
> > enable javascript for specific sites) and ideally it should be allowed
> > to vote without it, because some libraries are really locked down.
>
> I am skeptical of this claim.
>
> In 2013, if organizations are disabling javascript, tremendous parts
> of the web are broken for them.
Why? In 2013, there are still libraries without internet access for
security reasons. Of course, when it gets that drastic, it's beyond
help for vote.code4lib, but there are also many libraries using
heavily filtered connections.
That includes shared-whitelist-based permission systems, so they may
allow (say) LinkedIn to work, but I doubt they will have heard of
code4lib, let alone added it to their institutional whitelist.
I suspect I might have seen/heard of a disproportionate number of
locked-down sites, as FOSS LMS like Koha can run stand-alone, without
phoning home or license management authorisations, and its internals
can be reviewed.
I used to try ranting against them, but really, the number of browser
exploits that didn't work if javascript was disabled makes it a tough
call. And on phones, it often becomes a whole-system exploit, like in
http://www.phonedog.com/2010/11/29/android-browser-falls-victim-to-javascript-based-exploit/
http://crackberry.com/rim-advises-disablng-javascript-your-blackberry-browser-after-exploit-discovered
and others.
https://www.symantec.com/security_response/writeup.jsp?docid=2008-011517-3725-99&tabid=2
says, "Users may also consider using tools that block JavaScript from
sites not on a whitelist" and I feel that's the best approach now,
if you can. NoScript.net for Firefox-based browsers, perhaps.
Finally, a lot of bigger websites do actually have versions which
don't require javascript, such as Twitter and Facebook - and they
provide them despite the drawbacks of not being able to invade their
users' privacy like they can with script. Actually, one small problem
in asking people to switch to FOSS alternatives like StatusNet and
Diaspora is that they don't have non-js versions yet.
> That said, the diebold-o-tron is FLOSS
> (http://code.google.com/p/conferencekeeper/source/checkout -
> currently running from the 'diebold' branch), so patches welcome if
> you have the inclination to submit a non-js dependent version.
I've made a note of it and added it to our community TODO, but I've
not used Ruby on Rails for years so I may be some time. How often are
votes / when's the next likely vote?
Regards,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
|